EROSOLAR

Defense

Erosolar Coder is a guardrail-free offensive-security AI agent. This page is the procurement-side counterpart to /about: capability proof, public-broker pricing for the kind of work this tooling produces, the U.S. legal scope under EAR + ITAR, and how to inquire about lawful procurement. Sale is restricted to the U.S. government and U.S. defense primes.

Capability proof — 2026-05-04

The first prompt I asked Erosolar Coder to run was a single line: research the Google Bug Hunters program and find bugs on live Google services for submission. The agent ran autonomously for 3 hours against live Google targets — DNS reconnaissance, HTTP probing, scope-tier intelligence, header / CORS / redirect testing — and produced non-hallucinated, useful offensive-security findings. The full 5,836-line transcript is open at Aroxora/google-bug-hunters-initial-AI-research-and-offensive-research-results.

That was day one of the CLI's public life. Subsequent research is private under responsible-disclosure norms. The pledge on /about is to take this capability to production grade — to a level where the output of an unattended single-prompt run is consistently submission-ready against any in-scope target.

The procurement question: Once production-grade, how much could Erosolar Coder net selling offensive-cyber capabilities lawfully under EAR and ITAR — primarily to the U.S. government, secondarily to U.S. defense primes? The market data below is the public-broker reference frame.

Public-broker reference prices

Crowdfense (current leading broker, 2024–2025)

UAE-based; rose to prominence as Zerodium wound down. Recent maximum payouts:

| Capability | Max payout |
|---|---|
| iOS zero-click full chain | $5M – $7M |
| Android zero-click full chain (WhatsApp / RCS) | up to $5M |
| WhatsApp / iMessage RCE | $3M – $5M |
| Chrome / Safari full chain | $2M – $3.5M |

Zerodium peak (2015 – ~2024, now defunct)

U.S.-based broker (Washington, D.C.) founded by ex-Vupen executives. Resold to U.S. and allied governments at substantial markup. Cumulative public-broker payouts estimated at ~$50M through 2022, with later monthly acquisitions running $1M – $3M.

| Capability | Peak payout |
|---|---|
| Android full chain — zero-click + persistence (2019) | $2.5M |
| iOS full chain — remote jailbreak | $500K → $2M |
| Tor Browser — full exploit | up to $1M |
| Messaging RCE (WhatsApp / iMessage / Signal) | $500K – $1.5M |
| Browser RCE + sandbox escape (Chrome / Safari / Edge / FF) | $80K – $500K+ |
| OS / desktop kernel / VM escape | $30K – $1M |
| Email clients / servers (Outlook etc.) | $5K – $400K |

Confirmed historical payout: $1M for an iOS 9 full chain (2015, paid to a team).

U.S. government acquisitions — NSA, DoD, FBI

The U.S. government — primarily the NSA's Tailored Access Operations, plus CIA / FBI — is publicly described as the largest single buyer in the zero-day market. Acquisitions are covert, generally via brokers or direct vendors.

| Reference point | Public figure |
|---|---|
| 2013 NSA black budget — covert vulnerability purchases | $25.1M / yr |
| FBI iPhone-unlock exploit (2016, Israeli firm) | > $1.3M |
| DoD offensive-cyber operations (4-year window) | $1B |
| Vulnerabilities Equities Process — disclosures (2023) | 39 zero-days |

Estimated annual U.S.-government acquisition: dozens to low hundreds of zero-days per year across agencies, mixing in-house discovery and external purchase. No comprehensive public list exists; classified records are not public.

Other brokers

Exodus Intelligence, Zeronomicon, Endgame (historical), Hacking Team (historical, defunct after 2015 breach). Smaller, less-publicized acquisition programs supplying U.S. and allied governments. Prices broadly track the Zerodium / Crowdfense reference points above.

What Erosolar changes

The pricing above is for output — a finished, weaponized exploit chain — not for the research process. What's novel about Erosolar is the process: an AI agent that, from a single one-line prompt, runs an unattended multi-hour offensive-security research pass against a live target and produces non-hallucinated findings worth submitting to a $250K-max bounty program.

Production-grade Erosolar would compound that into a capability rather than a one-off run: continuous, parallel, multi-target offensive research at the cost of compute. The procurement question is what that capability is worth to a customer that already spends $25M+/yr on zero-day acquisition.

Legal scope

Lawful sale paths for Erosolar Coder:

Out of scope, not done: international distribution without an EAR / Wassenaar export license; sale to entities on OFAC's sanctioned-entities lists; sale to non-U.S. governments; sale to private intelligence brokers without a verified U.S.-government end customer.

Full legal disclosure with regulatory citations is on /about.

How the U.S. government is currently bracketed against this capability

Anthropic's Claude Mythos Preview demonstrates the offensive-cyber capability at frontier scale, but is restricted to a roughly 50-organization enterprise allowlist via Project Glasswing (Microsoft, Nvidia, Cisco, etc., with $100M in usage credits). Independent researchers, single developers, and the open public cannot reach Mythos. Erosolar is the alternative: a U.S.-developed, EAR-scoped, owner-operator capability available for direct procurement under the lawful paths above — without going through the Anthropic allowlist or one of its 50 partners.

Procurement inquiries from U.S. government program officers, contracting officers, defense prime evaluators, or vetted brokers with a verified U.S.-government end customer:

bo@ero.solar  ·  +1 508-260-0326

Use CAPABILITIES in the email subject line. I respond within one business day. NDA on request before any specifics. The public side of this work continues at /about; the operating side is private.

Caveat — figures on this page are public-broker maxima or analyst estimates compiled from open-source reporting. Actual deals depend on exploit reliability, chain completeness, zero-click capability, persistence, target version coverage, and exclusivity terms. Comprehensive market logs do not exist publicly because most transactions are covert. This page advertises capability and intent, not a price list of working exploits. The author is not a lawyer; anyone in a similar position should consult export-control counsel before contracting.